From: Sage Weil <sage@redhat.com>
Date: Thu, 6 Aug 2015 15:57:57 +0000 (-0400)
Subject: systemd: use --setuser and --setgroup for all daemons
X-Git-Tag: v9.1.0~294^2~10
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8f3185bade4b67876ca305e2ce9238626796fb11;p=ceph.git

systemd: use --setuser and --setgroup for all daemons

Allow all daemons drop privilege themselves, instead of letting
systemd do it.

Among other things, this means that admins can conditionally not
drop prives by setting

  setuser match path = /var/lib/ceph/$type/$cluster-$id

in their ceph.conf to ease the pain of upgrade.

Signed-off-by: Sage Weil <sage@redhat.com>
Reviewed-by: Boris Ranto <branto@redhat.com>
---

diff --git a/systemd/ceph-mds@.service b/systemd/ceph-mds@.service
index e045ebba0aaf..7e5a95e8c4eb 100644
--- a/systemd/ceph-mds@.service
+++ b/systemd/ceph-mds@.service
@@ -7,9 +7,7 @@ PartOf=ceph.target
 [Service]
 EnvironmentFile=-/etc/sysconfig/ceph
 Environment=CLUSTER=ceph
-User=ceph
-Group=ceph
-ExecStart=/usr/bin/ceph-mds -f --cluster ${CLUSTER} --id %i
+ExecStart=/usr/bin/ceph-mds -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
diff --git a/systemd/ceph-mon@.service b/systemd/ceph-mon@.service
index 396cb84a18c7..7ac9b8f2ec76 100644
--- a/systemd/ceph-mon@.service
+++ b/systemd/ceph-mon@.service
@@ -13,9 +13,7 @@ PartOf=ceph.target
 [Service]
 EnvironmentFile=-/etc/sysconfig/ceph
 Environment=CLUSTER=ceph
-User=ceph
-Group=ceph
-ExecStart=/usr/bin/ceph-mon -f --cluster ${CLUSTER} --id %i
+ExecStart=/usr/bin/ceph-mon -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
diff --git a/systemd/ceph-osd@.service.in b/systemd/ceph-osd@.service.in
index 5c7f77c7fe72..fac1932f58f2 100644
--- a/systemd/ceph-osd@.service.in
+++ b/systemd/ceph-osd@.service.in
@@ -8,7 +8,7 @@ PartOf=ceph.target
 EnvironmentFile=-/etc/sysconfig/ceph
 Environment=CLUSTER=ceph
 ExecStart=/usr/bin/ceph-osd -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
-ExecStartPre=/usr/libexec/ceph/ceph-osd-prestart.sh --cluster ${CLUSTER} --setuser ceph --setgroup ceph --id %i
+ExecStartPre=/usr/libexec/ceph/ceph-osd-prestart.sh --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
diff --git a/systemd/ceph-radosgw@.service b/systemd/ceph-radosgw@.service
index 8a520aca30d6..486cef889cb4 100644
--- a/systemd/ceph-radosgw@.service
+++ b/systemd/ceph-radosgw@.service
@@ -7,7 +7,7 @@ PartOf=ceph.target
 [Service]
 EnvironmentFile=-/etc/sysconfig/ceph
 Environment=CLUSTER=ceph
-ExecStart=/usr/bin/radosgw -f --cluster ${CLUSTER} --name client.%i
+ExecStart=/usr/bin/radosgw -f --cluster ${CLUSTER} --name client.%i --setuser ceph --setgroup ceph
 
 [Install]
 WantedBy=ceph.target